“We’re currently looking into report that a vulnerability allowed third party hackers to gain illegal access to some forum user information, including a number of emails and encrypted passwords. Our preliminary investigation suggests that the breach happened in September 2016 and it has since been fixed.”

The post goes on to explain that the breach affected only the mobile development company’s forum service. Gamer accounts remain unaffected by the security event.

Supercell uses vBulletin to power its forum. With this in mind, an attacker probably found that the company was running an outdated version of the software and decided to abuse a known vulnerability. The same thing happened to Epic Games and Disney’s Playdom in 2016. All these forum breaches indicate that the game development industry as a whole could invest more resources in software discovery and vulnerability management.

In the meantime, Supercell is asking that all users reset their passwords. That’s especially true for users who might have used their password for the game forum across multiple web accounts.

It’s never a good idea to reuse passwords. In today’s world of mega-breaches like what happened to LinkedIn and Yahoo, attackers will try to authenticate a user with a single set of credentials across multiple web services. These types of password reuse attacks have led Carbonite and others to preemptively institute password resets for their users.

Users who own a Supercell account should change their passwords as soon as possible by visiting this website. For tips on how to create a strong and unique password for each of their web accounts, please read these experts’ advice.